(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(19) World Intellectual Property Organization 
International Bureau 

(43) International Publication Date 
8 February 2001 (08.02.2001) 




PCT 



(10) International Publication Number 

WO 01/09852 A1



(51) International Patent Classification 7 : G07F 7/10 

(21) International Application Number: PCT/US00/20458

(22) International Filing Date: 28 July 2000 (28.07.2000) 

(25) Filing Language: English 

(26) Publication Language: English



(30) Priority Data: 60/146,103 28 July 1999 (28.07.1999) US



(71) Applicant (for all designated States except US): MONDEX INTERNATIONAL LIMITED [GB/GB]; 47-53 Cannon Street, London EC4M 5SQ (GB).

(72) Inventors; and
(75) Inventors/Applicants (for US only): EZAWA, Kazuo, J. [JP/US]; 10 Union Road, Clinton, NJ 08809 (US). ROBERTS, Dave [GB/GB]; 32 Woodbridge Close, Appleton, Warrington WA4 5RD (GB). FOSTER, Michael [GB/GB]; 38 Woodfields, Chipstead, Sevenoaks, Kent (GB). KELLY, John [GB/GB]; The Bungalow, Ladyfield Road, Sheffield S26 6NR (GB).

(74) Agents: SCHEENFELD, Robert, C. et al.; Baker Botts LLP, 30 Rockefeller Plaza, New York, NY 10112-0228 (US).

(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW.

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European




(54) Title: SYSTEM AND METHOD FOR COMMUNICATING BETWEEN SMART CARDS 



[Abstract figure: Card 1 and Card 2 in communication, with the labels "Set SEQ2a" and "SEQ1b".]

(57) Abstract: A method and system which provide communication between a first portable device (e.g., a smart card) having a first storage device and a second portable device (e.g., also a smart card) having a second storage device. This is performed using, preferably, an authenticated system message. The first storage device stores thereon a first sequence number and a first key (e.g., a first global signing key), and the second storage device stores thereon a second sequence number and a second key (e.g., a second global signing key). The first sequence number is compared to the second sequence number. If the second sequence number is newer than the first sequence number, a verification is performed using the first and second keys. Then, the first sequence number is set to have the value of the second sequence number if the verification succeeds. At least one of the first and second portable devices may receive an authenticated system message which includes a command. In another embodiment of the present invention, a method and system are provided to determine an approximate current time using the first and second portable devices. In particular, the first sequence number is compared to the second sequence number. The first sequence number is indicative of a first time provided on the first portable device, and the second sequence number is indicative of a second time provided on the second portable device. If the second time is newer than the first time, a verification is performed using the first and second keys, and the first sequence number is set to have the value of the second sequence number if the verification succeeds.
SYSTEM AND METHOD FOR COMMUNICATING BETWEEN SMART CARDS

SPECIFICATION 

FIELD OF THE INVENTION

The present invention relates to a system and method for communicating between smart cards. In particular, the system and method utilize a scheme which allows an application provided on a smart card to be upgraded and/or expired, as well as to control the security and control parameters of the application provided on the smart card. This mechanism also enables the smart cards to check the data stored on each respective card to determine and control various parameters and/or applications stored in such card (e.g., time).

BACKGROUND INFORMATION 
As the card industry progresses from the usage of magnetic strip cards to the utilization of smart cards, the ability to process the information provided on the card substantially increases.

When a transaction is requested using the conventional magnetic strip card, a host system must be contacted to authorize the transaction (e.g., credit/debit transactions); this is because such conventional magnetic strip card has no information processing capability thereon. In contrast, the smart card may utilize a mechanism (provided therein) to authorize the transaction. This mechanism does not have to reside only on the host system, and at least a portion thereof may be provided on the smart card. In this manner, the processing capability for authorizing the transaction can be moved from the host system to either the smart card or a balanced combination of the host system and the smart card.

As a result of the smart cards' superior security, reliability and capacity, the market for smart cards is rapidly expanding. Indeed, the ability of the smart cards to maintain intelligent (e.g., executable) applications thereon, such as "access", "credit/debit", "electronic cash", etc., provides such expanding market. The existing smart cards utilize card authentication/verification methodologies (e.g., cryptographic techniques) to perform the transactions. In particular, the conventional smart card can be authenticated either statically or dynamically.
With the static authentication, when the card is inserted into a transaction terminal, the smart card transmits a "digital signature" to such terminal. The digital signature contains information which uniquely identifies each smart card, e.g., the card serial number, manufacturer ID, manufacture date, etc. Then, the transaction terminal decrypts the signature to determine if the smart card data is genuine. If so, the transaction process is continued; otherwise, it is terminated.

With the dynamic authentication, the transaction terminal generates random data (e.g., a seed), and requests the smart card to encrypt the random data. When the transaction terminal receives the encrypted random data from the smart card, the terminal decrypts this encrypted data. If the decrypted data is the same as the seed, then it is determined that the smart card is genuine. Such dynamic authentication is only possible with the smart cards due to the ability of the smart cards to perform the cryptography thereon.

When the smart card is utilized to facilitate the "electronic cash", it may be important to use a "risk managed" smart card application on such smart card. One of the key economic risk exposures of the smart card is that the electronic cash can be "counterfeit". Thus, it is important to minimize the impact of such counterfeit electronic cash, and to ensure the stability and utilization of the smart card.

It is preferable to exploit the on-chip data processing power of the smart card to the maximum extent by utilizing a smart card electronic cash risk management functionality on the smart cards. By installing the risk management functionality on a chip of the smart card, some of the critical risk management tasks are performed, at the time of the transaction, autonomously on the transacting smart cards.

One of the more important indications for many transactions is an indication of "time". This indication can be used to enforce the fact that the sequence of events should occur in an orderly manner. Currently, the smart cards access the host system to determine this time indication. However, there is no effective way for the smart cards to keep track of the time when the host system is not utilized by the cards. To enable the smart cards to determine certain operations (e.g., an expiration of a particular smart card), it may be preferable for the chip on the smart card to utilize a scheme whereby an approximate time indication can be obtained, without the necessity of connecting the smart card to the host system. Without such a scheme, if and when the smart card is subjected to an attack (e.g., an unauthorized request for financial information is made), the smart card may be vulnerable to receiving particular data which may have been maliciously modified. With this modified data, the smart card may be utilized in a fraudulent manner.

SUMMARY OF THE INVENTION 

The system and method according to the present invention provide the security to prevent, detect, contain, and/or recover from potential counterfeit or fraudulent activities. With this system and method, it is possible to perform efficient command, control and communication with distributed smart cards which may be active in the market. Indeed, the system and method can perform purse (e.g., data on the card) to purse transactions, communicating without requiring the use of a central authorization entity. Accordingly, it is possible to update, enhance, replace and/or modify a cryptographic security, a purse class structure (e.g., a restriction of the interactions between different types of purses), a purse limit, an on-chip risk management capability (e.g., a credit turnover limit), etc. on the smart card.

In an exemplary embodiment of the present invention, a method and system provide communication between a first portable device (e.g., a smart card) having a first storage device and a second portable device (e.g., also a smart card) having a second storage device. This is done using, preferably, an authenticated system message. Such message may include a payload/command signed by an authenticated system message key (e.g., a global signing key). The first storage device stores thereon a first sequence number and a first key (e.g., a first global signing key), and the second storage device stores thereon a second sequence number and a second key (e.g., a second global signing key). The first sequence number is compared to the second sequence number. If the second sequence number is newer than the first sequence number, a verification is performed using the first and second keys. Then, the first sequence number is set to have the value of the second sequence number if the verification succeeds. It is also possible to execute the command/payload carried in the message.

The smart cards generally do not have internal clocks, and therefore do not have a concept of time. These cards can rely only on the card reading device (e.g., a merchant terminal, ATM, etc.) to receive the time as known by such device (local time, i.e., untrusted time). A "Sense of Time" scheme according to the present invention provides a "trusted time" on each smart card (e.g., the purse). This scheme provides an exchange of the trusted time when the purse performs a transaction. For example, the trusted time can be exchanged with another transacting purse/card as part of the message being sent from one purse to another (e.g., an encrypted message).

An embodiment of the system and method according to the present invention implements the "Sense of Time" scheme which utilizes an embedded trusted time provided within data that is associated with a value transfer protocol. The trusted time is transferred from purse/card to purse/card during the transactions. In another embodiment of the present invention, a "Sense of Time" global signing key can be utilized to sign the trusted time with a signature. When the purse/card receives a new trusted time, it authenticates the message using its own "Sense of Time" global signing key before it accepts the new time.

In one such embodiment of the present invention, the method and 
system (e.g. a smart card) are provided to determine an approximate current time 
using the first and second cards. In particular, the first sequence number is compared 
to the second sequence number. The first sequence number is indicative of a first time 
provided on the first card, and the second sequence number is indicative of a second 
time provided on the second card. If the second time is newer than the first time, a 
verification is performed using the first and second global signing keys, and the first 
sequence number is set to have a value of the second sequence number if the 
verification succeeds. 
Another embodiment of the method and system is also provided to determine the approximate current time. In this embodiment, the first sequence number is also compared to the second sequence number. The first sequence number is indicative of a first time provided on the first card, and the second sequence number is indicative of a second time provided on the second card. If the first time is older than the second time, the first sequence number is set to have the value of the second sequence number (i.e., the time provided on the second card). Thus, the "time" of the first card is updated.
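The two "Sense of Time" embodiments just described (a signed trusted time that the receiving purse authenticates with its own global signing key before adopting it, and an unsigned variant that simply takes any newer time) are modelled below as an added illustration. This is example code, not code from the patent or from Mondex: the 36-byte TIME message layout, the use of HMAC-SHA256 as a stand-in for the "Sense of Time" global signing key (the patent allows the key to be symmetric or asymmetric), the `Purse` class and the outcome strings are all assumptions of this example. The `tamper_time` helper stands for a hostile terminal that rewrites the time field without holding the signing key, which is the attack the signed embodiment is meant to stop.

```python
"""Sense of Time exchange between two purses (the signed and the unsigned
embodiments described above).

Added illustration only: the 36-byte TIME message layout and the use of
HMAC-SHA256 as a stand-in for the "Sense of Time" global signing key are
assumptions of this example, not the patent's own format or code."""
import hashlib
import hmac
import struct

TIME_LEN = 4   # trusted time as a 4-byte big-endian counter (assumed)
TAG_LEN = 32   # HMAC-SHA256 tag length


def sign_time(sot_key: bytes, trusted_time: int) -> bytes:
    """Build a TIME message: the time field followed by its signature."""
    body = struct.pack(">I", trusted_time)
    return body + hmac.new(sot_key, body, hashlib.sha256).digest()


def parse_time_message(msg: bytes) -> tuple[int, bytes]:
    """Split a TIME message into (trusted_time, tag); reject wrong sizes."""
    if len(msg) != TIME_LEN + TAG_LEN:
        raise ValueError("malformed TIME message")
    return struct.unpack(">I", msg[:TIME_LEN])[0], msg[TIME_LEN:]


def tamper_time(msg: bytes, new_time: int) -> bytes:
    """What a hostile terminal can do: rewrite the time field but keep the
    old tag, since it does not hold the Sense of Time global signing key."""
    return struct.pack(">I", new_time) + msg[TIME_LEN:]


class Purse:
    """A purse holding a trusted time and its copy of the SoT global signing key."""

    def __init__(self, name: str, sot_key: bytes, trusted_time: int) -> None:
        self.name = name
        self._sot_key = sot_key
        self.trusted_time = trusted_time
        self.incident_log: list[str] = []

    def emit_time(self) -> bytes:
        """Embed this purse's trusted time in an outgoing message."""
        return sign_time(self._sot_key, self.trusted_time)

    def receive_time(self, msg: bytes, authenticate: bool = True) -> str:
        """Adopt a received trusted time if it is newer.

        authenticate=True: the signed embodiment; verify the message with
        this purse's own Sense of Time key before accepting the time.
        authenticate=False: the unsigned embodiment; any newer time is taken."""
        received, tag = parse_time_message(msg)
        if received <= self.trusted_time:
            return "IGNORED_NOT_NEWER"   # never move the trusted time backwards
        if authenticate:
            expected = hmac.new(self._sot_key, msg[:TIME_LEN], hashlib.sha256).digest()
            if not hmac.compare_digest(expected, tag):
                self.incident_log.append(f"{self.name}: rejected TIME {received}, bad signature")
                return "REJECTED_BAD_SIGNATURE"
        self.trusted_time = received
        return "UPDATED"


# Constructed key shared by the legitimate purses (stands in for the
# "Sense of Time" global signing key distributed by the certificate authority).
DEMO_SOT_KEY = b"constructed sense-of-time global signing key"


def demo() -> dict[str, str]:
    """Two legitimate purses exchange time; a terminal then forges a newer time."""
    purse_a = Purse("A", DEMO_SOT_KEY, trusted_time=1000)
    purse_b = Purse("B", DEMO_SOT_KEY, trusted_time=1500)
    signed = purse_b.emit_time()
    results = {"a_from_b": purse_a.receive_time(signed)}            # A moves to 1500
    results["b_from_a"] = purse_b.receive_time(purse_a.emit_time())  # 1500 is not newer
    forged = tamper_time(signed, 9999)
    results["a_forged_signed"] = purse_a.receive_time(forged)        # signature fails
    purse_c = Purse("C", DEMO_SOT_KEY, trusted_time=100)
    results["c_forged_unsigned"] = purse_c.receive_time(forged, authenticate=False)
    return results


if __name__ == "__main__":
    print(demo())
```

The unsigned variant accepts the forged 9999 because nothing ties the time field to a key; the signed variant rejects the same bytes, and a purse signing with a key the certificate authority never issued is rejected for the same reason. Both variants refuse to move the trusted time backwards, which is what makes the counter usable for expiry checks.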

The present invention is capable of providing the framework and capability to securely command, control, and communicate with some or all of the smart cards distributed in the market place whether or not these smart cards are connected to their respective host systems. Accordingly, the present invention can provide a mechanism to deliver an application (or a "payload") to each smart card (e.g., an active smart card) for renewing the respective card's security, or updating the card's on-chip risk management scheme, in a secure manner from a central command arrangement (e.g., a certificate authority). In addition, a reference point for time, such as a "trusted" time, can be provided from the central command arrangement for various uses on the smart card and/or the application (e.g., enforcement of card/application expiry, a resetting of the on-chip risk management parameters, etc.). Thus, unnecessary external intervention or maintenance can be avoided, which makes the system and method according to the present invention cost effective. One of the advantages of the present invention is that it can be applied to an operating system of the smart card, as well as to one, some or all of the applications on the smart card. The scheme according to the present invention enables a selective targeting of particular purses to apply re-customization procedures thereon. Thus, a flexible response to a potential threat to the smart card can be achieved. Furthermore, according to the present invention, the respective smart card may select a particular response (e.g., lock/lockout of the card) when a predetermined criterion is met. This system and method can be implemented as a separate security or risk management application on the smart card.
BRIEF DESCRIPTION OF THE DRAWINGS

Exemplary embodiments of the present invention will now be 
described in detail with reference to the accompanying drawings in which: 

Figure 1 shows a command, control and communication infrastructure 
utilized by the system and method according to the present invention. 

Figure 2 shows an exemplary embodiment of the system according to the present invention, in which two smart cards are in communication with one another using an authenticated system message ("ASM").

Figure 3 shows an exemplary embodiment of the method according to the present invention which utilizes the ASM and the system of Figure 2.

Figure 4 shows another embodiment of the system according to the present invention in which two smart cards are in communication with one another using the ASM.

Figure 5 shows an exemplary embodiment of the method according to the present invention which utilizes the ASM and the system of Figure 4.

Figure 6 shows yet another exemplary embodiment of the system according to the present invention in which two smart cards are in communication with one another to determine a "trusted" time.

Figure 7 shows an exemplary embodiment of the method according to the present invention for determining the trusted time which utilizes the system of Figure 6.

Figure 8 shows another exemplary embodiment of the method according to the present invention for determining the trusted time which utilizes the system of Figure 6.

DETAILED DESCRIPTION 
Figure 1 shows a command, control and communication ("C3") infrastructure utilized by the system and method according to the present invention. In particular, a certificate authority 10 (e.g., a Mondex® system) can transmit a message which is signed by a global authenticated system message ("ASM") key or by a trusted time message ("TIME") key to a territory originator 20. Such messages shall be referred to herein below as the ASM command and the TIME command, respectively. It is also possible for the certificate authority 10 to communicate with other certificate authorities (e.g., an additional certificate authority 18) by providing the ASM commands therebetween.

The certificate authority 10 should preferably be the only system (or one of a few systems) which is authorized to generate the ASM commands or the TIME commands. In this manner, the sensitive information provided in the ASM or TIME commands would be known only to the certificate authority 10. The territory originator 20 can function as a "central bank" providing electronic cash by regulating the electronic monetary activities (e.g., e-cash activities) in its territory. Preferably, a scheme which utilizes the smart cards for storing the electronic cash can be used to substitute for the utilization of a "real" wallet which holds "real" money. The territory originator 20 issues electronic cash to member banks, and can also issue new smart cards 25 to a merchant 40 and/or a consumer 50. These smart cards 25 may include executable ASM and/or TIME applications thereon, along with other applications such as credit/debit applications. The territory originator 20 can also communicate with other territory originators (e.g., an additional territory originator 28). It should be understood that any reference herein to the smart cards is equally applicable to other portable processing devices.

The territory originator 20 passes the ASM commands to its member 30. In turn, the member 30 passes the ASM commands to its merchant 40 and/or consumer 50 when they interact with the member 30. At least portions of the ASM commands can be stored on the smart cards 25, 35, 45, 55 to enable these smart cards to communicate with one another. The member 30 is preferably a financial institution (e.g., a commercial bank and/or a bank branch) which transacts using "e-cash" to/from consumers and merchants. It is also possible for the member 30 to transact with other members, e.g., an additional member 38, using "e-cash" or some other way to transact electronically. The member 30 can also issue smart cards 35 (which are the same as or similar to the smart cards 25 described above) to the merchant 40 and/or the consumer 50.
The merchant 40 can transact with the consumer 50, and with other merchants (e.g., the additional merchant 60). The consumer 50 can transact with the member 30, the merchant 40 and/or the additional consumer 70. Such transactions are accomplished on a "chip-to-chip" transaction basis. In particular, it is possible to provide the electronic communications between the chips of the smart cards (or other portable processing devices) without requiring a connection of these smart cards to a host server. Thus, it is possible to transmit the ASM command from one smart card to another in the location where the transaction takes place, without the need for providing an intermediary host server to facilitate such transfer. For example, the merchant 40 can transmit and/or receive the electronic monetary funds (e.g., "e-cash") to and from the consumer 50 for a particular transaction. Such transaction may be a payment for a specific service, or a refund to the consumer 50 for returning a damaged item. In addition, the merchant 40 can transact with the additional merchant 60.

A. AUTHENTICATED SYSTEM MESSAGE (ASM) HANDSHAKING SCHEME

Using the present invention, it is possible to change or verify the parameters and/or data provided on the chip of the smart card or of other portable processing devices (e.g., remotely and securely) by providing the ASM commands to the smart cards or devices. Figure 2 shows an exemplary embodiment of the system according to the present invention which utilizes the ASM scheme. In particular, each smart card 100, 150 (or portable processing device) shown in Figure 2 includes a chip which stores certain information for the respective smart card. The chip of the first smart card 100 stores and maintains thereon first data 105 and second data 107 for the first card 100, while the chip on the second card 150 stores and maintains thereon first data 155 and second data 157 for the second card 150. The first data 105 of the first card 100 includes a first number 110 (e.g., a first sequence number SEQ1a), at least one value transfer protocol key (the "VTP Key 1") 120, and a second number 130 (e.g., a second sequence number SEQ1b). The second data 107 preferably has at least one ASM global signing key 140 (the "ASM GS Key 1").
As with the first card 100, the first data 155 of the second card 150 also includes its own first number 160 (e.g., a first sequence number SEQ2a), at least one value transfer protocol key (the "VTP Key 2") 170, and a second number 180 (e.g., a second sequence number SEQ2b). In addition, the second data 157 of the second card 150 has at least one ASM global signing key 190 (the "ASM GS Key 2"). Preferably, each of the ASM GS Key 1 and the ASM GS Key 2 includes a public key portion and a private key portion, i.e., a public-private key pair. Such key pairs are generally used for encrypting and decrypting data, and are well known to those having ordinary skill in the art. It should be understood that each of the first and second global signing keys 140, 190 may also be a global cryptographic key. Such cryptographic key can be used for providing verifications, signatures and/or encryptions, and may be symmetric or asymmetric.

The first and second sequence numbers of each of the smart card 100, 
150 (i.e., SEQla, SEQlb, SEQ2a, SEQ2b, respectively) are provided as ASM 
sequence number blocks. Thus, each sequence number is unique so as to avoid 
multiple applications of the same message. Indeed, the first and second sequence 
numbers can be hash values. The VTP Key 1 and the VTP Key 2 are also a unique 
public and private key pair, i.e., the VTP key on each smart card is different from all 
VTP Keys provided on other smart cards. According to a preferred embodiment of 
the present invention, at least one of these ASM number blocks is provided between 
the data blocks of the VTP Keys (e.g., VTP Key 1 and VTP Key 2), i.e., "sprinkled" 
between the VTP Keys. 

In addition, the values of the sequence numbers need not increase monotonically in order to reflect that a particular sequence number is newer than another sequence number. For example, such a value can be decoded modulo one thousand so as to provide the sequence number, while the integer multiple of a thousand may reveal a target code.

When the transaction is initiated between the first card 100 and the second card 150, the first sequence number SEQ1a and/or the second sequence number SEQ1b of the first card 100 are associated with the VTP Key 1 (either before the transaction or at the time thereof). The first sequence number SEQ2a and/or the second sequence number SEQ2b of the second card 150 are associated with the VTP Key 2. For example, the first sequence number of each of the first and second cards 100, 150 may be utilized for "non-reset" actions on the smart cards. The first sequence number (e.g., SEQ1a, SEQ2a) is generally used in emergency cases, and possibly may require the utilization of the respective ASM GS Key for a verification. On the other hand, the second sequence number of the first and second smart cards 100, 150 can be used for a "reset" action (such as resetting the parameters provided on the chip). The second sequence number (e.g., SEQ1b, SEQ2b) is generally provided for routine maintenance, and does not require the ASM GS Key exchange (and thus requires no verification). When a communication occurs between the first card 100 and the second card 150 so as to initiate a transaction, the sequence number and the associated VTP Key are bundled together seamlessly in one card, and transmitted to the other card.

Generally, each of the first card 100 and the second card 150 may be electronically connected to one another via, e.g., a smart card reading arrangement (e.g., a Mondex® card reading device which is not shown in the drawings for the sake of simplicity). Such arrangement may include a power source for providing the necessary power to each of the smart cards 100, 150. In addition, the smart card reading arrangement can facilitate the communication between the smart cards connected thereto. Using the provided power, the processor provided on the chip of the connected smart card can execute instructions, and transmit data to and/or receive data from the host computer or another smart card. The smart card reading arrangement described above is generally known to those having ordinary skill in the art.

Figure 3 shows an exemplary embodiment of the method according to the present invention which utilizes the above-referenced data on the smart cards and the ASM scheme. In step 200, the first card 100 and/or the second card 150 initiate the transaction. At that time, the first data 105 of the first card 100 (i.e., the first sequence number SEQ1a, the VTP Key 1, and the second sequence number SEQ1b) and the first data 155 of the second card 150 (i.e., the first sequence number SEQ2a, the VTP Key 2, and the second sequence number SEQ2b) are exchanged, e.g., via the smart card reading arrangement. In step 210, the chip of the first card 100 and/or the second card 150 determines if the first sequence number SEQ1a of the first card 100 is equal to the first sequence number SEQ2a of the second card 150.

If the first sequence numbers of the first and second cards 100, 150 are not equal, a verification is performed in step 220 (by the first card 100 and/or the second card 150) to determine if at least a portion of the ASM GS Key 1 of the first card 100 corresponds to at least a portion of the ASM GS Key 2 of the second card 150. For example, the portion of each of the ASM GS Keys being compared is the public key portion. In an exemplary case, the first sequence number SEQ2a of the second card 150 is newer than the first sequence number SEQ1a of the first card 100. If the verification fails (i.e., the respective portions do not correspond), the transaction is suspended, this failure is recorded in an incident log (step 230), and the communication between the cards can be terminated. The incident log may be resident on the chip of the first card 100, the chip of the second card 150 and/or a memory arrangement of the host system. If the verification in step 220 succeeds (i.e., the respective portions correspond to one another), the first sequence number SEQ1a of the first card 100 is modified to have the value of the first sequence number SEQ2a of the second card 150 by, e.g., transmitting (or applying) the ASM command from the second card 150 to the first card 100 (e.g., to provide a particular e-cash amount) in step 240, and the transaction is continued (step 260).

If, in step 210, the first sequence numbers SEQ1a, SEQ2a of the first and second cards 100, 150 are equal, it is determined (using the first card 100 and/or the second card 150) if the second sequence number SEQ1b of the first card 100 is equal to the second sequence number SEQ2b of the second card 150 (step 270). If so, the transaction is continued without sending the ASM command (step 260). Otherwise, the ASM command is transmitted from the second card 150 to the first card 100 (step 280), and the transaction is continued (step 260).

The above exemplary scheme prevents an unauthorized modification of the smart cards since it is unlikely for a counterfeiter to dissect the first data of the respective smart card (e.g., the first data 105 which includes the first sequence number SEQ1a, the VTP Key 1, and the second sequence number SEQ1b of the first card 100), and counterfeit it. In addition, the certificate authority 10 does not provide a global signing key (which is necessary for the ASM verification) to the counterfeiter. Thus, by using the scheme described above, the data stored on the smart cards cannot be modified by the counterfeiter.

For example, in a situation where the counterfeiter modifies the data on the smart card (e.g., the e-cash amount), he/she can potentially transfer a counterfeit value to the legitimate purses. However, once a response is initiated by sending the ASM command (e.g., by transmitting the first sequence number SEQ2a to the first card 100 to become the first sequence number SEQ1a of the first card 100), the counterfeit purse (i.e., the counterfeit data) encounters the legitimate purse with the updated ASM sequence number. As described above with reference to Figure 3, the transaction fails, at least because the counterfeit purse does not have a global signing key.
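The following Python is an added illustration, not code from the patent or from Mondex, of three passages above: the modulo-one-thousand decoding of an ASM sequence number block with its target code, steps 210 to 280 of Figure 3, and the counterfeit-purse scenario just described. The verification in step 220 is modelled exactly as the text states it, as a comparison of the public portions of the two ASM GS keys. Everything else is an assumption of this example: the `Card` layout, the serial-number (wrap-around) comparison used to decide which sequence number is newer, the handling of the case where the first card rather than the second holds the newer value, the outcome strings, and the constructed card values in `demo()`.

```python
"""ASM handshake between two purses (Figure 3 of WO 01/09852).

Added illustration only: the Card layout, the modulo-1000 block decoding
with wrap-around comparison, and the outcome strings are assumptions of
this example, not the patent's own code."""
from dataclasses import dataclass, field

MODULUS = 1000  # the sequence number is the block value modulo one thousand


def decode_block(block: int) -> tuple[int, int]:
    """Split an ASM sequence number block into (target_code, seq).

    The integer multiple of a thousand carries the target code and the
    remainder is the sequence number, following the modulo reading in
    the text. Example: 2006 -> (2, 6)."""
    return divmod(block, MODULUS)


def is_newer(candidate: int, current: int) -> bool:
    """True when candidate's sequence number is newer than current's.

    Assumption of this example: serial-number arithmetic, so the counter
    may wrap past 999 without the new value reading as "older"."""
    _, a = decode_block(candidate)
    _, b = decode_block(current)
    if a == b:
        return False
    return (a - b) % MODULUS < MODULUS // 2


@dataclass
class Card:
    name: str
    seq_a: int              # SEQxa: "non-reset" / emergency, needs GS key verification
    seq_b: int              # SEQxb: routine maintenance, no verification
    vtp_key: str            # VTP key pair unique to this card (public part shown)
    asm_gs_public: str      # public portion of the ASM global signing key
    incident_log: list[str] = field(default_factory=list)


def _adopt_newer(attr: str, c1: Card, c2: Card) -> None:
    """Steps 240/280: the card holding the older value takes the newer one."""
    v1, v2 = getattr(c1, attr), getattr(c2, attr)
    if is_newer(v2, v1):
        setattr(c1, attr, v2)
    else:
        setattr(c2, attr, v1)


def asm_handshake(card1: Card, card2: Card) -> str:
    """Run steps 210-280 of Figure 3 after the first data have been exchanged.

    Returns "SUSPENDED", "ASM_APPLIED_A", "ASM_APPLIED_B" or "CONTINUE"."""
    # Step 210: compare the first (emergency) sequence numbers.
    if card1.seq_a != card2.seq_a:
        # Step 220: verify that the public portions of the ASM GS keys correspond.
        if card1.asm_gs_public != card2.asm_gs_public:
            # Step 230: suspend, log the incident on both chips, terminate.
            entry = f"ASM verification failed: {card1.name} <-> {card2.name}"
            card1.incident_log.append(entry)
            card2.incident_log.append(entry)
            return "SUSPENDED"
        # Step 240: apply the ASM command; the older SEQa becomes the newer one.
        _adopt_newer("seq_a", card1, card2)
        return "ASM_APPLIED_A"
    # Step 270: SEQa equal, so compare the routine-maintenance numbers.
    if card1.seq_b != card2.seq_b:
        # Step 280: routine ASM command, sent without key verification.
        _adopt_newer("seq_b", card1, card2)
        return "ASM_APPLIED_B"
    return "CONTINUE"  # Step 260 with no ASM command needed


def demo() -> dict[str, str]:
    """Constructed cards: two legitimate purses sharing the issuer's GS key
    and one counterfeit purse that never received it."""
    card1 = Card("card1", seq_a=2005, seq_b=7, vtp_key="VTP-1", asm_gs_public="GS-PUB")
    card2 = Card("card2", seq_a=2006, seq_b=7, vtp_key="VTP-2", asm_gs_public="GS-PUB")
    fake = Card("fake", seq_a=2001, seq_b=7, vtp_key="VTP-X", asm_gs_public="NONE")
    return {
        "legit": asm_handshake(card1, card2),        # card1.seq_a becomes 2006
        "repeat": asm_handshake(card1, card2),       # nothing left to update
        "counterfeit": asm_handshake(fake, card2),   # no GS key, so suspended
    }


if __name__ == "__main__":
    print(demo())
```

The counterfeit purse fails at step 220 before any sequence number is touched, so the legitimate card keeps its updated SEQ2a and gains an incident-log entry, which is the containment behaviour the text relies on. The target code returned by `decode_block` is decoded but not acted on here; the text says only that it can be used to target particular purses.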

Using the system and method according to the present invention which utilize the above described ASM scheme, it is possible to provide a dynamic customization of the on-chip parameters, if necessary, when one smart card contacts another smart card (e.g., communicating between the purses of the respective smart cards). It is also possible to reset the on-chip parameters, to facilitate the loading/unloading of related applications onto the chips of the smart cards, and to update the security on the chip.

Figure 4 shows another exemplary embodiment of the system according to the present invention which utilizes the ASM scheme. The system shown in Figure 4 is similar to the system illustrated in Figure 2. However, the first and second data 105', 155' of Figure 4 have different formats from the formats of the first and second data 105, 155 of Figure 2, respectively.

In particular, while the first data 105' includes a first number 110' (e.g., a sequence number SEQ1) and at least one value transfer protocol key (the "VTP Key 1") 120', the first data 105' does not have to include the second number 130 illustrated in Figure 2. Indeed, the second number 130' of the first data 105' is indicated as "Other" in Figure 4, and is not necessarily a second sequence number. In this embodiment, the second data 107 also has at least one ASM global signing key 140 (the "ASM GS Key 1") which has been described in greater detail above.
Similarly, the second data 155' includes a first number 160' (e.g., a 
sequence number SEQ2) and at least one value transfer protocol key (the "VTP Key 
2") 170', but does not have to include a second number 180 illustrated in Figure 2. As 
provided in Figure 4, the second number 170' of the second data 155' is also indicated 
as "Other" in Figure 4, and is not necessarily the second sequence number. 

Furthermore, the second data 157 has at least one ASM global signing key 190 (the 
"ASM GS Key 2"). The details of the format and possible contents of the ASM GS 
Key 1 and ASM GS Key 2 have been described above in greater detail. The sequence 
numbers of each of the smart cards 100, 150 of this embodiment (i.e., SEQ1, SEQ2) 
can also be provided as the ASM sequence number blocks, and thus each sequence 
number is unique so as to avoid multiple applications of the same message, i.e., hash 
values. A detailed description of the sequence numbers is provided above with 
reference to Figure 2. 

In this exemplary embodiment, the sequence number SEQ1 of the first 
data 105' is associated with the VTP Key 1, and the sequence number SEQ2 of the 
second data 155' is associated with the VTP Key 2 (either before the transaction or at 
the time thereof). When the communication occurs between the first card 100 and the 
second card 150 to initiate the transaction, the ASM sequence number and VTP Key are 
bundled together seamlessly, and transmitted to the other purse (i.e., the smart card). 
Figure 5 shows another exemplary embodiment of the method 
according to the present invention which utilizes the above-referenced data on the 
smart cards and the ASM scheme illustrated in Figure 4. In step 600, the first card 100 
and/or the second card 150 initiate a transaction. At that time, the sequence number 
SEQ1 and the VTP Key 1 of the first data 105' of the first card 100 and the sequence 
number SEQ2 and the VTP Key 2 of the second data 155' of the second card 150 are 
exchanged, e.g., via the smart card reading arrangement. In step 610, the first 
card 100 and/or the second card 150 determines whether the sequence number SEQ1 of the 
first card 100 is equal to the sequence number SEQ2 of the second card 150. 

If the sequence numbers SEQ1, SEQ2 of the first and second cards 
100, 150 are not equal, a verification is performed in step 620 (by the first card 100 
and/or the second card 150) to determine if at least a portion of the ASM GS Key 1 of 
the first card 100 corresponds to at least a portion of the ASM GS Key 2 of the second 
card 150. As described above for Figure 3, the portion of each of the ASM GS Keys 
being compared can be a public key portion. In an exemplary case, the sequence 
number SEQ2 of the second card 150 is newer than the sequence number SEQ1 of the 
first card 100. Thus, if the verification fails (i.e., the respective public key portions do 
not correspond), the transaction is suspended, this failure is recorded in the incident 
log (step 630), and the communication between the cards is terminated. However, if 
the verification in step 620 succeeds (i.e., the respective public key portions 
correspond to one another), the sequence number SEQ1 of the first card 100 is 
modified to have the sequence number SEQ2 of the second card 150 (step 640) by 
transmitting an ASM command from the second card 150 to the first card 100 (e.g., to 
provide a particular e-cash amount and/or payload). Thereafter, the transaction is 
continued (step 650). If, in step 610, the sequence numbers of the first and second 
cards 100, 150 correspond to one another, the transaction is also continued (step 650). 
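The steps 600 to 650 of Figure 5, run as a simulation. This is an added example, not code from the patent or from Mondex; the card contents, key values and incident-log wording are constructed, and the handshake is generalised to update whichever card holds the older sequence number (the patent's worked case is SEQ2 newer than SEQ1).

```python
"""ASM sequence-number synchronisation of Figure 5 (steps 600-650).

Added example, not code from the patent or from Mondex; card contents,
key material and the incident-log wording are constructed here.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class ASMGSKey:
    """ASM global signing key; only the public portion is ever compared."""
    public: bytes
    private: bytes


@dataclass
class Card:
    name: str
    seq: int                       # SEQ1 or SEQ2: the ASM sequence number
    vtp_key: bytes                 # VTP Key 1 or VTP Key 2
    gs_key: ASMGSKey               # ASM GS Key 1 or ASM GS Key 2
    incident_log: List[str] = field(default_factory=list)

    def bundle(self) -> Tuple[int, bytes]:
        """Step 600: the sequence number and the VTP key travel together."""
        return (self.seq, self.vtp_key)


def verify_gs_keys(first: Card, second: Card) -> bool:
    """Step 620: the public portions of both ASM GS keys must correspond."""
    return first.gs_key.public == second.gs_key.public


def asm_handshake(first: Card, second: Card) -> str:
    """Run steps 610-650 and return "continue" or "terminated".

    The patent's worked case has SEQ2 newer than SEQ1, so the ASM command
    flows from the second card to the first; this generalises to either
    direction by updating whichever card holds the older number.
    """
    seq1, _vtp1 = first.bundle()
    seq2, _vtp2 = second.bundle()
    if seq1 == seq2:                                   # step 610: equal
        return "continue"                              # step 650
    newer, older = (second, first) if seq2 > seq1 else (first, second)
    if not verify_gs_keys(first, second):              # step 620 fails
        entry = (f"ASM verification failed between {older.name} "
                 f"(seq {older.seq}) and {newer.name} (seq {newer.seq})")
        older.incident_log.append(entry)               # step 630
        newer.incident_log.append(entry)
        return "terminated"
    older.seq = newer.seq                              # step 640: ASM command
    return "continue"                                  # step 650


# --- constructed sample key material ----------------------------------
LEGIT_GS = ASMGSKey(public=b"gs-pub-issuer", private=b"gs-priv-issuer")
FORGED_GS = ASMGSKey(public=b"gs-pub-forged", private=b"gs-priv-forged")


def scenario_legitimate() -> Tuple[str, int, int]:
    """Card 100 (older SEQ) meets card 150 (newer SEQ); GS keys correspond."""
    c100 = Card("card100", seq=7, vtp_key=b"vtp1", gs_key=LEGIT_GS)
    c150 = Card("card150", seq=9, vtp_key=b"vtp2", gs_key=LEGIT_GS)
    result = asm_handshake(c100, c150)
    return result, c100.seq, c150.seq                  # ("continue", 9, 9)


def scenario_counterfeit() -> Tuple[str, int, int]:
    """A purse lacking the issuer's GS key meets a legitimate, updated purse."""
    fake = Card("counterfeit", seq=7, vtp_key=b"vtpX", gs_key=FORGED_GS)
    c150 = Card("card150", seq=9, vtp_key=b"vtp2", gs_key=LEGIT_GS)
    result = asm_handshake(fake, c150)
    return result, fake.seq, len(c150.incident_log)    # ("terminated", 7, 1)


if __name__ == "__main__":
    print(scenario_legitimate())
    print(scenario_counterfeit())
```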

In yet another exemplary embodiment of the system and method of the 
present invention, it is possible to ensure that the ASM keys (i.e., ASM GS Key 1, 
ASM GS Key 2, etc.) are used only once for a respective card. For example, it is 
possible to generate a particular number (e.g., twelve) of hashed sequence numbers, 
and a corresponding number of ASM keys. Then, the hashed sequence numbers 
are associated with the corresponding ASM keys. An exemplary table showing the 
hashed sequence numbers and the ASM key correspondence is provided below. 

Hashed Sequence #    ASM keys 
Default              No Key 
Seq. No. 1           Key 1 
...                  ... 
Seq. No. 12          Key 12 


If a default sequence number is used, no ASM key is invoked. In this 
embodiment, only when the first card 100 and/or the second card 150 encounter a 
different sequence number does such card check the sequence number-key pair, and the 
communication between the cards 100, 150 is initiated using the appropriate key (e.g., 
when Seq. No. 1 is invoked, Key 1 is used for the authentication with the 
transacting purse/card). When the transacting purse encounters a new purse (i.e., a 
new card), only one communication handshake can be performed with Key 1 between 
the two cards. The next ASM command is issued with a different sequence number, 
and a new corresponding ASM key is necessary to perform the communication 
handshake between the cards. One of the advantages of associating the sequence 
numbers with the corresponding ASM keys is that for each ASM command, a 
different ASM key must be used (i.e., each key only once) between the two purses/cards. This 
exemplary embodiment of the present invention prevents a counterfeit ASM key from being 
used more than once, because each ASM key is used only once. Otherwise, if a single 
global ASM key is used, this global ASM key is utilized for the communication 
handshake each time the ASM command is issued. In addition, it is possible to limit 
the number of ASM commands that can be issued for each card. In the example 
discussed above, only twelve (12) ASM commands can be issued over the life of the 
particular purse/card. 
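The hashed-sequence-number to single-use-key table above, as an added example that is not part of the patent or of Mondex's own code. The page does not say how the hashed sequence numbers or the keys are derived; the HMAC derivation from a per-card secret, the `Default` marker and the sample values here are all assumptions.

```python
"""Hashed sequence numbers paired with single-use ASM keys (the table above).

Added example, not code from the patent or from Mondex. How the hashed
sequence numbers and keys are derived is not specified on the page; the
HMAC derivation from a per-card secret used here is an assumption.
"""
import hashlib
import hmac
from typing import Dict, List, Optional, Set, Tuple

DEFAULT_SEQ = b"default"        # the "Default" row: no ASM key is invoked


def build_key_table(card_secret: bytes, count: int = 12) -> List[Tuple[bytes, bytes]]:
    """Return [(hashed seq. no. i, Key i)] for i = 1..count (assumed derivation)."""
    rows = []
    for i in range(1, count + 1):
        hashed_seq = hmac.new(card_secret, b"seq:%d" % i, hashlib.sha256).digest()
        key_i = hmac.new(card_secret, b"key:%d" % i, hashlib.sha256).digest()
        rows.append((hashed_seq, key_i))
    return rows


class PurseWithOneTimeKeys:
    """A purse that honours each ASM key at most once over its lifetime."""

    def __init__(self, card_secret: bytes, count: int = 12) -> None:
        self.table: Dict[bytes, bytes] = dict(build_key_table(card_secret, count))
        self.current_seq: bytes = DEFAULT_SEQ
        self.used_keys: Set[bytes] = set()
        self.commands_issued = 0
        self.limit = count           # lifetime cap on ASM commands (twelve here)

    def handshake_key(self, peer_seq: bytes) -> Optional[bytes]:
        """Select the key for a handshake; None means no key (default or refused)."""
        if peer_seq == self.current_seq or peer_seq == DEFAULT_SEQ:
            return None                      # same or default sequence: no ASM key
        key = self.table.get(peer_seq)       # sequence number-key pair lookup
        if key is None or key in self.used_keys:
            return None                      # unknown, or a key already spent
        if self.commands_issued >= self.limit:
            return None                      # lifetime ASM command cap reached
        self.used_keys.add(key)
        self.commands_issued += 1
        self.current_seq = peer_seq
        return key


def demo() -> Tuple[bool, bool, bool, bool, int]:
    """Exercise first use, replay of a spent key, an unknown number, and the cap."""
    secret = b"constructed-card-secret"
    purse = PurseWithOneTimeKeys(secret)
    rows = build_key_table(secret)
    first_ok = purse.handshake_key(rows[0][0]) == rows[0][1]    # Key 1 used once
    second_ok = purse.handshake_key(rows[1][0]) == rows[1][1]   # Key 2 used once
    replay_refused = purse.handshake_key(rows[0][0]) is None    # Key 1 is spent
    unknown_refused = purse.handshake_key(b"not-in-table") is None
    for hashed_seq, _ in rows[2:]:                              # spend the rest
        purse.handshake_key(hashed_seq)
    exhausted = purse.commands_issued == purse.limit
    return first_ok and second_ok, replay_refused, unknown_refused, exhausted, purse.commands_issued


if __name__ == "__main__":
    print(demo())
```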

B. "SENSE OF TIME" SCHEME 

There are two ways to implement the "Sense of Time" scheme, which 
shall be described below in greater detail. To summarize, an exemplary embodiment 
of the method according to the present invention utilizes an embedded, "trusted" time 
within a value transfer protocol (e.g., a crypto-signature block) in the storage device 
of a particular card. When the particular card transacts with another card (e.g., the 
purse), the trusted time is provided from the original card to the other card with which 
the original card transacts. Thus, the migration of the "trusted" time occurs from the 
chip of one card to the chip of the other card. 

Another embodiment of the method according to the present invention 
utilizes a "Sense of Time" global signing key to sign the trusted time with a 
"signature". When the purse/card receives a new trusted time, it authenticates the 
message before accepting the new time using its own "Sense of Time" global signing 
key. Using the "Sense of Time" scheme as described in further detail below, it is 
possible to enforce the expiration requirements of the purse/card, reset on-chip risk 
management parameters and/or other parameters on the purse/card, etc. The trusted 
time can be propagated using an ASM distribution channel or via an issuance of new 
cards. 

The TIME commands can be transmitted using the C3 infrastructure as 
shown in Figure 1. For example, the TIME command can be passed from the 
certificate authority 10 to the territory originator 20 when they transact. Then, the 
territory originator 20 may pass the TIME command to the member 30 (e.g., the 
financial institution). Thereafter, the member 30 can pass the TIME command to their 
consumer(s) 50 and/or merchant(s) 40 when they interact with each other. When a 
new purse/card is issued, it includes the latest trusted time, and when the new purse 
transacts with another purse, it transmits the latest time to the transacting purse. The 
communication between the certificate authority 10 and the territory originator 20, as well 
as between the territory originator 20 and their respective member(s) 30, can be 
activated on demand, and thus the trusted time can also be provided on demand. 

Figure 6 shows an exemplary embodiment of the system according to 
the present invention which utilizes the "Sense of Time" scheme. The smart cards 
300, 350 shown in Figure 6 include data similar to the data illustrated in Figure 2. The 
only difference is that the second data 307, 357 of the first and second cards 300, 350, 
respectively, differ from the second data 107, 157 of the first and second cards 100, 150 
of Figure 2. In particular, each of the second data 307, 357 includes at least 
one TIME global signing key 340, 390 (i.e., the TIME GS Key 1 and TIME GS Key 
2). In addition, the second sequence numbers SEQ1b, SEQ2b hold the most recent 
time data for the respective cards. It is also possible to utilize other sequence numbers 
(e.g., SEQ1a, SEQ2a) to hold the most recent time data. Furthermore, the TIME 
global signing keys are not used in one of the embodiments described below. This 
embodiment can also be implemented together with the embodiment of the method of the 
present invention shown in Figure 5 which utilizes the ASM scheme. Indeed, since 
the embodiment shown in Figure 5 does not utilize the second sequence numbers 
SEQ1b, SEQ2b, and the embodiment shown in Figure 7 does not use the first 
sequence numbers SEQ1a, SEQ2a, it is possible to implement the ASM and TIME 
schemes simultaneously using the embodiments shown in, e.g., Figures 5 and 7. 
Figure 7 shows a first exemplary embodiment of the method according 
to the present invention which utilizes the "Sense of Time" scheme. In step 400, the 
first card 300 and/or the second card 350 initiate a transaction. At that time, the first 
data 105 of the first card 300 (i.e., the first sequence number SEQ1a, the VTP Key 1, 
the second sequence number SEQ1b) and the first data 355 of the second card 350 
(i.e., the first sequence number SEQ2a, the VTP Key 2, the second sequence number 
SEQ2b) are exchanged, e.g., via the smart card reading arrangement described above. 
In step 410, the first card 300 and/or the second card 350 determine whether the 
second sequence number SEQ1b of the first card 300 is equal to the second sequence 
number SEQ2b of the second card 350. 

If the second sequence numbers of the first and second cards 300, 350 
are not equal, in step 420 it is determined (by the first card 300 and/or the second 
card 350) whether the second sequence number SEQ2b of the second card 350 is older than 
the second sequence number SEQ1b of the first card 300, i.e., whether the time of the second 
card 350 is older than the time of the first card 300. If so, the second sequence number 
SEQ2b of the second card 350 is set to the value of the second sequence number 
SEQ1b of the first card 300 (step 430). Otherwise, the second sequence number 
SEQ1b of the first card 300 is set to the value of the second sequence number 
SEQ2b of the second card 350 (step 440). Then, if the trusted time triggers a 
particular action, that action is performed in step 445. Then (unless the action in step 
445 halts the operation), the transaction proceeds in step 450. 

Figure 8 shows a second exemplary embodiment of the method 
according to the present invention which utilizes the "Sense of Time" scheme. In step 
460, the first card 300 and/or the second card 350 initiate a transaction. At that time, 
the first data 105 of the first card 300 (i.e., the first sequence number SEQ1a, the VTP 
Key 1, the second sequence number SEQ1b) and the first data 355 of the second card 
350 (i.e., the first sequence number SEQ2a, the VTP Key 2, the second sequence 
number SEQ2b) are exchanged, e.g., via the smart card reading arrangement. In step 
470 (and as described above with reference to Figure 7), the first card 300 and/or the 
second card 350 determine whether the second sequence number SEQ1b of the first card 300 
is equal to the second sequence number SEQ2b of the second card 350. 
If the second sequence numbers of the first and second cards 300, 350 
are found not to be equal in step 470, a verification is performed in step 480 (by the first card 300 
and/or the second card 350) to determine if at least a portion of the TIME GS Key 1 
of the first card 300 corresponds to at least a portion of the TIME GS Key 2 of the 
second card 350. As described above with reference to Figure 3, the portion of each of 
the TIME GS Keys being compared can be a public key portion. In an exemplary 
case, the second sequence number SEQ2b of the second card 350 is newer than the 
second sequence number SEQ1b of the first card 300. Thus, if the verification fails 
(e.g., the respective public key portions do not correspond), the transaction is 
suspended, this failure is recorded in the incident log (step 485), and the 
communication between the cards is terminated. If the verification in step 480 
succeeds (i.e., the respective portions correspond to one another), the second sequence 
number SEQ1b of the first card 300 is modified to have the second sequence number 
SEQ2b of the second card 350 (step 490). In addition, the TIME GS Key 2 of the 
second card 350 may substitute for the TIME GS Key 1 of the first card 300. Then, in step 
495, the transaction is continued. If, in step 470, the second sequence numbers of the 
first and second cards 300, 350 correspond to one another, the transaction is continued 
(step 495). For this embodiment, it is preferable if each smart card 300, 350 has a 
unique TIME global signing key, as well as a unique value transfer protocol key. 
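The "Sense of Time" migration of Figure 7 (steps 410 to 450), run over a small population so that the trusted time can be seen spreading from a newly issued purse through the chain of transactions described for Figure 1. This is an added example, not code from the patent or from Mondex; the day-count representation of the trusted time, the on-chip expiry used as the triggered action of step 445, and the sample purses are constructed. The TIME GS key comparison of Figure 8 is left out; it follows the same pattern as the ASM verification of Figure 5.

```python
"""'Sense of Time' migration of Figure 7 (steps 410-450) and its spread
through a population of purses.

Added example, not code from the patent or from Mondex. Representing the
trusted time as a day count and using expiry enforcement as the action of
step 445 are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class TimeCard:
    name: str
    trusted_time: int          # SEQ1b / SEQ2b: latest trusted time seen
    expires_at: int            # constructed on-chip expiry (day count)
    suspended: bool = False
    log: List[str] = field(default_factory=list)


def enforce_expiry(card: TimeCard) -> bool:
    """Step 445 action (assumed): once trusted time passes expiry, halt the purse."""
    if card.trusted_time >= card.expires_at and not card.suspended:
        card.suspended = True
        card.log.append(f"expired at trusted time {card.trusted_time}")
    return card.suspended


def sense_of_time_transaction(first: TimeCard, second: TimeCard) -> str:
    """Steps 410-450 for one transaction; returns "proceed" or "halted"."""
    if first.trusted_time != second.trusted_time:           # step 410
        if second.trusted_time < first.trusted_time:        # step 420: second older
            second.trusted_time = first.trusted_time        # step 430
        else:
            first.trusted_time = second.trusted_time        # step 440
    # Step 445: evaluate both cards (a list, not `or`, so neither is skipped).
    halted = any([enforce_expiry(first), enforce_expiry(second)])
    return "halted" if halted else "proceed"                # step 450


def demo() -> Tuple[List[int], List[str], List[bool]]:
    """Constructed population: purse 0 is freshly issued with the latest time."""
    cards = [
        TimeCard("new-issue", trusted_time=120, expires_at=999),
        TimeCard("merchant", trusted_time=100, expires_at=999),
        TimeCard("consumer-a", trusted_time=90, expires_at=999),
        TimeCard("consumer-b", trusted_time=80, expires_at=110),  # will expire
    ]
    # (1,0): merchant is older, takes the new purse's time (step 440).
    # (1,2): consumer-a is older, takes the merchant's time (step 430).
    # (3,2): consumer-b takes time 120, which is past its expiry of 110.
    pairs = [(1, 0), (1, 2), (3, 2)]
    results = [sense_of_time_transaction(cards[a], cards[b]) for a, b in pairs]
    return ([c.trusted_time for c in cards], results, [c.suspended for c in cards])


if __name__ == "__main__":
    print(demo())
```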

It should be appreciated that those skilled in the art will be able to 
devise numerous systems and processes which, although not explicitly shown or 
described herein, embody the principles of the invention, and are thus within the spirit 
and scope of the present invention. 
CLAIMS 

1. A method for communicating between a first portable device having a first 
storage device and a second portable device having a second storage device, the first 
storage device storing thereon a first sequence number and a first key, the second 
storage device storing thereon a second sequence number and a second key, the 
method comprising the steps of: 

comparing the first sequence number to the second sequence number; 
if the second sequence number is newer than the first sequence 
number, performing a verification using the first and second keys; and 
setting the first sequence number to have a value of the second 
sequence number if the verification succeeds. 

2. The method according to claim 1, wherein the first key is a first global signing 
key, and the second key is a second global signing key, and wherein the verification is 
performed by comparing at least one first portion of the first global signing key to at 
least one second portion of the second global signing key. 

3. The method according to claim 2, wherein the verification succeeds when the 
at least one first portion corresponds to the at least one second portion. 

4. The method according to claim 2, wherein each of the first and second global 
signing keys includes a private key and a public key, and wherein the verification is 
performed using the respective public keys. 

5. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

after the setting step, performing a transaction between the first card 
and the second card. 
6. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

if the verification fails, suspending a transaction between the first card 
and the second card. 

7. The method according to claim 1, further comprising the step of: 

if the verification fails, recording a failure of the verification in at least 
one of the first storage device and the second storage device. 

8. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

if the first sequence number and the second sequence number are 
equal, performing a transaction between the first card and the second card. 

9. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, wherein the setting step is 
performed by transmitting an authenticated system message ("ASM") command from 
the second card to the first card, and wherein at least one of the first and second cards 
sets the second sequence number. 

10. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and wherein the first storage 
device stores a third sequence number thereon, wherein the second storage device 
stores a fourth sequence number thereon, and further comprising the steps of: 

if the first sequence number and the second sequence number are 
equal, determining whether the third sequence number corresponds to the fourth 
sequence number; and 

if the third sequence number does not correspond to the fourth 
sequence number, transmitting an authenticated system message ("ASM") command 
from a particular card of the first and second cards having a newer number of the third 
and fourth sequence numbers to another card of the first and second cards. 

11. The method according to claim 10, wherein the ASM command is transmitted 
without setting the first sequence number to have the value of the second sequence 
number. 

12. The method according to claim 10, further comprising the step of: 

if the third sequence number corresponds to the fourth sequence 
number, performing a transaction between the first card and the second card. 

13. The method according to claim 1, wherein the first key is a first global signing 
key, and the second key is a second global signing key, and wherein the first global 
signing key relates to the first sequence number, and the second global signing key 
relates to the second sequence number. 

14. The method according to claim 1, wherein the first key is a first global signing 
key, and the second key is a second global signing key, and wherein the first global 
signing key is associated with a first value transfer protocol ("VTP") key, and the 
second global signing key is associated with a second VTP key, the first VTP key 
being stored in the first storage device, the second VTP key being stored in the second 
storage device. 

15. The method according to claim 1, wherein each of the first portable device and 
the second portable device includes a processing device. 

16. The method according to claim 1, further comprising the steps of: 

receiving an authenticated system message which includes a command; 
and 

executing the command. 
17. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

providing an application to at least one card of the first and second 
cards, the application being provided for at least one of: 

renewing a security feature of the at least one card, and 
updating a security scheme of the at least one card on-chip risk. 

18. The method according to claim 1, further comprising the step of: 

providing a reference point for time to at least one of the first and 
second portable devices from a central command arrangement. 

19. The method according to claim 1, further comprising the steps of: 

enabling a selective targeting of at least one device of the first and 
second portable devices; and 

applying re-customization procedures on the at least one device. 

20. The method according to claim 19, further comprising the step of: 
selecting a particular response by the at least one device when a 
predetermined criterion is met. 

21. The method according to claim 1, wherein the first key is a first global signing 
key, and the second key is a second global signing key, and wherein the verification is 
performed by comparing cryptograms which are related to the first global signing key 
and the second global signing key. 

22. The method according to claim 20, further comprising the steps of: 

generating the cryptograms by one of the first portable device and the 
second portable device; and 
verifying the cryptograms using another one of the first portable device 
and the second portable device. 
23. The method according to claim 20, wherein the cryptograms are generated by 
a central authority. 

24. The method according to claim 1, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

after the setting step, modifying stored parameters of at least one of the 
first and second cards to at least one of suspend, permit and modify subsequent 
operations between the first and second cards or other cards. 

25. A portable device which is capable of performing a transaction with a further 
portable device, comprising: 

a storage device storing a first sequence number and a first key; and 
a processing device performing the following: 

receives a second sequence number and a second key from the further 
portable device, 
compares the first sequence number to the second sequence number, 
if the second sequence number is newer than the first sequence 
number, performs a verification using the first and second keys, and 
sets the first sequence number to have a value of the second sequence 
number if the verification succeeds. 

26. The portable device according to claim 25, wherein, if the verification fails, 
the processing device suspends the transaction with the further portable device, and 
records a failure of the verification. 

27. The portable device according to claim 25, wherein, if the first sequence 
number and the second sequence number are equal, the processing device performs 
the transaction with the further portable device. 
28. The portable device according to claim 25, wherein the storage device stores a 
third sequence number thereon, and wherein the processing device performs the 
following: 

if the first sequence number and the second sequence number are 
equal, determines whether the third sequence number corresponds 
to a fourth sequence number of the further portable device. 

29. The portable device according to claim 28, wherein, if the third sequence 
number corresponds to the fourth sequence number, the processing device performs 
the transaction with the further portable device. 

30. The portable device according to claim 25, wherein the portable device is a 
smart card, and wherein the further portable device is a further smart card. 

31. The portable device according to claim 25, wherein the first key is a global 
signing key, and wherein the second key is a second global signing key. 

32. A method for determining an approximate current time using a first portable 
device and a second portable device, the first portable device having a first storage 
device, the second portable device having a second storage device, the first storage 
device storing thereon a first sequence number, the second storage device storing 
thereon a second sequence number, the method comprising the steps of: 

comparing the first sequence number to the second sequence number, 
the first sequence number being indicative of a first time provided on the first portable 
device, the second sequence number being indicative of a second time provided on the 
second portable device; and 

if the first time is older than the second time, setting the first sequence 
number to have a value of the second sequence number. 

33. The method according to claim 32, further comprising the step of: 
if the second time is older than the first time, setting the second 
sequence number to have a value of the first sequence number. 

34. The method according to claim 33, further comprising the step of: 

after the setting step and if the first time is not equal to the second 
time, executing an action which is triggered by at least one of the first sequence 
number and the second sequence number. 

35. The method according to claim 34, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

after the executing step and if the first time is not equal to the second 
time, performing a transaction between the first card and the second card. 

36. The method according to claim 32, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

if the first time is equal to the second time, performing a transaction 
between the first card and the second card. 

37. A portable device which is capable of determining an approximate current 
time during a communication with a further portable device, comprising: 

a storage device storing a first sequence number; and 

a processing device performing the following: 

receives a second sequence number from the further portable device, 
compares the first sequence number to the second sequence number, 
the first sequence number being indicative of a first time provided on 
the portable device, the second sequence number being indicative of a 
second time provided on the further portable device, and 
executes one of the following actions: 

if the first time is older than the second time, sets the first 
sequence number to have a value of the second sequence 
number, and 

if the second time is older than the first time, sets the second 
sequence number to have a value of the first sequence number. 

38. The portable device according to claim 37, wherein, if the first time is not 
equal to the second time, the processing device executes a particular action which is 
triggered by at least one of the first sequence number and the second sequence 
number. 

39. The portable device according to claim 37, 

wherein the portable device is a smart card, and the further portable device is a 
further smart card, and 

wherein, after the execution of the particular action and if the first time is not 
equal to the second time, the processing device performs a transaction between the 
smart card and the further smart card. 

40. The portable device according to claim 37, 

wherein the portable device is a smart card, and the further portable device is a 
further smart card, and 
wherein, if the first time is equal to the second time, the processing device 
performs a transaction between the smart card and the further smart card. 

41. A method for determining an approximate current time using a first portable 
device and a second portable device, the first portable device having a first storage 
device, the second portable device having a second storage device, the first storage 
device storing thereon a first sequence number and a first key, the second storage 
device storing thereon a second sequence number and a second key, the method 
comprising the steps of: 

comparing the first sequence number to the second sequence number, 
the first sequence number being indicative of a first time provided on the first portable 
device, the second sequence number being indicative of a second time provided on the 
second portable device; 
if the second time is newer than the first time, performing a 
verification using at least one of the first and second keys; and 

setting the first sequence number to have a value of the second 
sequence number if the verification succeeds. 

42. The method according to claim 41, further comprising the steps of: 

generating the cryptograms by one of the first portable device and the 
second portable device; and 

verifying the cryptograms using another one of the first portable device 
and the second portable device. 

43. The method according to claim 41, wherein the first key is a first global 
signing key, and the second key is a global signing key, and wherein the verification 
is performed by comparing at least one first portion of the first global signing key to 
at least one second portion of the second global signing key. 

44. The method according to claim 43, wherein the verification succeeds when the 
at least one first portion corresponds to the at least one second portion. 

45. The method according to claim 43, wherein each of the first and second global 
signing keys includes a private key and a public key, and wherein the verification is 
performed using the respective public keys. 

46. The method according to claim 41, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

after the setting step, performing a transaction between the first card 
and the second card. 

47. The method according to claim 41, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

if the verification fails, suspending a transaction between the first card 
and the second card. 

48. The method according to claim 41, further comprising the step of: 

if the verification fails, recording a failure of the verification in at least 
one of the first storage device and the second storage device. 

49. The method according to claim 41, wherein the first portable device is a first 
card, and the second portable device is a second card, and further comprising the step 
of: 

if the first time and the second time are equal, performing a transaction 
between the first card and the second card. 

50. The method according to claim 41, 

wherein the first portable device is a first card, and the second portable device 
is a second card, 

wherein the setting step is performed by transmitting an authenticated system 
message command from the second card to the first card, and 

wherein at least one of the first and second cards sets the second sequence 
number. 

51. The method according to claim 41, wherein the first key is a first global 
signing key, and the second key is a global signing key, and wherein the first global 
signing key relates to the first sequence number, and the second global signing key 
relates to the second sequence number. 
52. The method according to claim 41, wherein the first key is a first global 
signing key, and the second key is a global signing key, and wherein the first global 
signing key is associated with a first value transfer protocol ("VTP") key, and the 
second global signing key is associated with a second VTP key, the first VTP key 
being stored in the first storage device, the second VTP key being stored in the second 
storage device. 



53. The method according to claim 41, wherein each of the first portable device 
and the second portable device includes a processing device. 

54. A portable device which is capable of determining an approximate current 
time during a communication with a further portable device, comprising: 

a storage device storing a first sequence number and a first key; and 

a processing device performing the following: 

receives a second sequence number and a second key from the further 
portable device, 

compares the first sequence number to the second sequence number, 
the first sequence number being indicative of a first time provided on 
the portable device, the second sequence number being indicative of a 
second time provided on the further portable device, 

if the second time is newer than the first time, performs a verification 
using the first and second keys, and 

sets the first sequence number to have a value of the second sequence 
number if the verification succeeds. 

55. The portable device according to claim 54, wherein, if the verification fails, 
the processing device suspends the transaction with the further portable device, and 
records a failure of the verification. 



56. The portable device according to claim 54, wherein, if the first sequence 
number and the second sequence number are equal, the processing device performs 
the transaction with the further portable device. 

57. The portable device according to claim 54, wherein the portable device is a 
smart card, and wherein the further portable device is a further smart card. 

58. The portable device according to claim 54, wherein the first key is a first 
global signing key, and the second key is a second global signing key. 
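The following is an added example, not code from the application or from Mondex, that models the card-to-card synchronisation of claims 41 to 58 as drawn in FIG. 3 and FIG. 8: the two cards compare sequence numbers, the card holding the older number receives an authenticated system message (ASM) from the card holding the newer one, the receiver verifies it using its own key, and then either adopts the newer sequence number or suspends the transaction and records the incident. The representation of the global signing key as a (key identifier, secret) pair, the use of the key identifier as the compared key "portion", and the HMAC tag on the ASM are assumptions made for the model; the application does not specify these mechanisms.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Card:
    """Portable device: stores a sequence number and a global signing (GS) key.

    Constructed model: the GS key is split into key_id (the 'portion' that is
    compared in FIG. 3 / FIG. 8) and secret (assumed shared authentication
    secret used to tag the ASM). Neither detail comes from the application.
    """
    name: str
    seq: int                    # indicative of the time of the card's key set
    key_id: bytes               # compared key portion (assumption)
    secret: bytes               # ASM authentication secret (assumption)
    suspended: bool = False
    log: list = field(default_factory=list)


ASM_PREFIX = b"SET_SEQ:"


def build_asm(sender: Card) -> dict:
    """Authenticated system message instructing the receiver to adopt sender.seq."""
    body = ASM_PREFIX + str(sender.seq).encode()
    tag = hmac.new(sender.secret, body, hashlib.sha256).digest()
    return {"key_id": sender.key_id, "body": body, "tag": tag}


def verify_asm(receiver: Card, msg: dict) -> bool:
    """Verification step of claim 54: key portion must correspond and the
    message tag must check under the receiver's own key."""
    if not hmac.compare_digest(msg["key_id"], receiver.key_id):
        return False
    expected = hmac.new(receiver.secret, msg["body"], hashlib.sha256).digest()
    return hmac.compare_digest(msg["tag"], expected)


def parse_asm_seq(body: bytes) -> int:
    """Extract the sequence number carried by an ASM body; reject malformed input."""
    if not body.startswith(ASM_PREFIX):
        raise ValueError("malformed ASM body")
    return int(body[len(ASM_PREFIX):])


def synchronise(card1: Card, card2: Card) -> str:
    """Pre-transaction check of FIG. 3 / FIG. 8.

    Returns 'proceed'   - sequence numbers already equal (claim 49 / 56),
            'updated'   - older card adopted the newer number (claim 54 / 46),
            'suspended' - verification failed; transaction suspended and the
                          failure recorded on the receiving card (claims 47, 48).
    """
    if card1.seq == card2.seq:
        return "proceed"
    # The card with the newer sequence number sends the ASM (FIG. 3, step 280
    # shows card 2 -> card 1; FIG. 7 also updates card 2 when card 1 is newer).
    newer, older = (card2, card1) if card2.seq > card1.seq else (card1, card2)
    msg = build_asm(newer)
    if not verify_asm(older, msg):
        older.suspended = True
        older.log.append(
            f"verification failed: {older.name} seq={older.seq} "
            f"received ASM from {newer.name} seq={newer.seq}"
        )
        return "suspended"
    older.seq = parse_asm_seq(msg["body"])
    return "updated"


if __name__ == "__main__":
    shared = b"constructed-gs-secret"          # sample value, not a real key
    c1 = Card("card1", seq=3, key_id=b"GS-A", secret=shared)
    c2 = Card("card2", seq=5, key_id=b"GS-A", secret=shared)
    print(synchronise(c1, c2), c1.seq)         # card1 adopts 5
    stranger = Card("card3", seq=9, key_id=b"GS-B", secret=b"other")
    print(synchronise(c1, stranger), c1.suspended, c1.log)
```

The check on the key portion alone would let any card presenting a matching identifier roll another card's sequence number forward, so the model also ties the ASM to the receiver's key with a tag; a failed tag is treated exactly like a mismatched portion, which is the "suspend and record incident" branch of the figures.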



[FIG. 1 (sheet 1/8): block diagram of the system. Boxes legible in the drawing: CERTIFICATE AUTHORITY; ADDITIONAL CERTIFICATE AUTHORITY; TERRITORY ORIGINATOR; ADDITIONAL TERRITORY ORIGINATOR; MEMBER; ADDITIONAL MEMBER; MERCHANT; ADDITIONAL MERCHANT; CONSUMER; ADDITIONAL CONSUMER; NEW CARD (several). Reference numerals appearing: 18, 20, 25, 28, 30, 35, 38, 40, 45, 55, 60, 70.] 

[FIG. 2 (sheet 2/8): drawing not recoverable from the scan.] 

[FIG. 3 (sheet 3/8): flowchart. START; EXCHANGE BUNDLES OF DATA BETWEEN CARD 1 AND CARD 2; decision: SEQ1a OF CARD 1 = SEQ2a OF CARD 2?; decision: PORTION OF ASM GS KEY OF CARD 1 CORRESPONDS TO PORTION OF ASM KEY OF CARD 2?; SUSPEND THE TRANSACTION AND RECORD INCIDENT IN A LOG FILE; SET SEQ1a TO HAVE THE VALUE OF SEQ2a BY TRANSMITTING/APPLYING ASM COMMAND TO CARD 1; TRANSMIT AN ASM MESSAGE FROM CARD 2 TO CARD 1; PROCEED WITH TRANSACTION; STOP. Reference numerals appearing: 210, 230, 240, 260, 280.] 

[FIG. 4 (sheet 4/8): drawing not recoverable from the scan.] 

[FIG. 5 (sheet 5/8): flowchart. START; EXCHANGE BUNDLES OF DATA BETWEEN CARD 1 AND CARD 2; decision boxes not legible; SUSPEND THE TRANSACTION AND RECORD INCIDENT IN A LOG FILE; SET SEQ1 TO HAVE THE VALUE OF SEQ2 BY TRANSMITTING/APPLYING ASM COMMAND TO CARD 1; PROCEED WITH TRANSACTION; STOP. Reference numerals appearing: 600, 630, 640, 650.] 

[FIG. 6 (sheet 6/8): drawing not recoverable from the scan.] 

[FIG. 7 (sheet 7/8): flowchart. START; EXCHANGE BUNDLES OF DATA BETWEEN CARD 1 AND CARD 2; decision box not legible; NO branch: SET SEQ2b TO HAVE THE VALUE OF SEQ1b; YES branch: SET SEQ1b TO HAVE THE VALUE OF SEQ2b; ACTION ON THE PURSE TRIGGERED; PROCEED WITH TRANSACTION; STOP. Reference numerals appearing: 400, 430, 440, 445, 450.] 

[FIG. 8 (sheet 8/8): flowchart. START; EXCHANGE BUNDLES OF DATA BETWEEN CARD 1 AND CARD 2; decision: SEQ1b (TIME1) OF CARD 1 = SEQ2b (TIME2) OF CARD 2?; decision: PORTION OF TIME GS KEY OF CARD 1 CORRESPONDS TO PORTION OF TIME KEY OF CARD 2?; NO branch: SUSPEND THE TRANSACTION AND RECORD INCIDENT IN A LOG FILE; YES branch: SET SEQ1b TO HAVE THE VALUE OF SEQ2b; PROCEED WITH TRANSACTION; STOP. Reference numerals appearing: 460, 470, 485, 490, 495.] 


